psyqosis Posted January 3, 2008 Share Posted January 3, 2008 Hi. My web host just updated their servers, and since then, part of my code allowing access control into a database back-end doesn't work. I've talked with the host and they claim nothing should have changed, though I haven't changed anything either. The database connect string is fine & the database has the correct MySQL user account setup in my admin panel. Below is the code in question (simple login screen shown; if access is passed, more code displays the actual page). The issue is that whether correct or incorrect credentials are entered & submitted, the page simply reloads itself. <?php session_start(); ?> $database = "statz07_default" or die(mysql_error()); $db = mysql_connect("localhost", "statz07_statz07", "Q9e6LNY") or die(mysql_error()); mysql_select_db($database, $db) or die(mysql_error()); <head> <link rel="stylesheet" type="text/css" href="site.css"> </head> <body> <?php if (!isset($name)) { ?> <table width=740 cellpadding=0 border=0 cellspacing=0> <tr> <td bgcolor=#ffffff> <table width=735 cellpadding=10 border=0 cellspacing=1> <tr> <td bgcolor=#ff3300 width=100%><b>Sign-In</b></td> </tr> <tr> <form method="post" action="<?php echo $PHP_SELF?>"> <td width=100% bgcolor="#ccffcc" valign=top> <h3>Please Sign In</h3> <center> <table width=400 cellpadding=0 cellspacing=0 border=0> <tr><td align=right nowrap>Name  </td><td><input type="text" name="name"></td></tr> <tr><td align=right nowrap>Password  </td><td><input type="password" name="pswd"></td></tr> <tr><td colspan=2 align=right height=5><img src="images/clearpix.gif" width=400 height=5></td></tr> <tr><td colspan=2 align=right height=1 bgcolor=black><img src="images/clearpix.gif" width=400 height=1></td></tr> <tr><td colspan=2 align=right height=5><img src="images/clearpix.gif" width=400 height=5></td></tr> <tr><td colspan=2 align=right><input type=hidden name="new_acc" value="1"><input type="submit" value="sign-in"></td></tr> </table> </center> </form> </td> </tr> </table> </td> </tr> </table> <?php exit; } session_register("name"); session_register("pswd"); session_register("uid"); $sql="SELECT * FROM users WHERE un='$name' AND pw='$pswd';"; $result = mysql_query($sql, $db); if (mysql_num_rows($result)>0) { $uid = mysql_result($result, 0, 'id'); } if (mysql_num_rows($result) == 0) { session_unregister("name"); session_unregister("pswd"); session_unregister("uid"); ?> <table width=740 cellpadding=0 border=0 cellspacing=0> <tr> <td bgcolor=#ffffff> <table width=735 cellpadding=10 border=0 cellspacing=1> <tr> <td bgcolor=ff3300 width=100%><b>Sign-In</b></td> </tr> <tr> <tr> <form method="post" action="<?php echo $PHP_SELF?>"> <td width=100% bgcolor=#ccffcc valign=top> <h5 class="error">Your login details have not been recognised.</h5> <h5>Please try again by <a href="<?php echo $PHP_SELF; ?>">clicking here</a>.</h5> </td> </tr> </table> </td> </tr> </table> <?php exit; } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted January 3, 2008 Share Posted January 3, 2008 So you are storing the PWs in plain text in the DB? And what did they actually upgrade, PHP or MYSQL? Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted January 3, 2008 Share Posted January 3, 2008 Looks like your code relies upon register globals and maybe the reason why your site does work. You should try to update your code. Quote Link to comment Share on other sites More sharing options...
revraz Posted January 3, 2008 Share Posted January 3, 2008 Also, there is no way this code worked as is. This is your first line: <?php session_start(); ?> $database = "statz07_default" or die(mysql_error()); $db = mysql_connect("localhost", "statz07_statz07", "Q9e6LNY") or die(mysql_error()); mysql_select_db($database, $db) or die(mysql_error()); So you close PHP but then assign variables right after. Move the ?> to after the mysql_select_db statement. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 3, 2008 Share Posted January 3, 2008 The or die(mysql_error()); that is part of the $database = "statz07_default" line of code is bogus as well. Quote Link to comment Share on other sites More sharing options...
psyqosis Posted January 3, 2008 Author Share Posted January 3, 2008 revraz- the php close was a copy/paste error into this forum. the code worked good. yes storing pws in plain text updated php and mysql wildteen- what do i do to "update" my code regarding register globals? thanks Quote Link to comment Share on other sites More sharing options...
Daukan Posted January 3, 2008 Share Posted January 3, 2008 You should update your code so it does not rely on register globals. But as a temporary fix make a .htaccess file or add this to it if it already exits. This will only work on nix machines btw php_flag register_globals 1 Quote Link to comment Share on other sites More sharing options...
revraz Posted January 3, 2008 Share Posted January 3, 2008 Here <tr><td align=right nowrap>Name  </td><td><input type="text" name="name"></td></tr> session_register("name"); needs to change to <tr><td align=right nowrap>Name  </td><td><input type="text" name="name"></td></tr> $_SESSION['name']=$_POST['name']; All of those have to be redone. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 3, 2008 Share Posted January 3, 2008 There is also at least one $PHP_SELF that needs to be changed to $_SERVER['PHP_SELF'] Checking your web server log file or turning on full php error reporting will help in finding the places in the code that need to be changed. The .htaccess temporary work around will only work on Apache web servers where php is running as an apache module. Where php is running as a CGI wrapper, you should have the ability to use a local php.ini file. Quote Link to comment Share on other sites More sharing options...
psyqosis Posted January 3, 2008 Author Share Posted January 3, 2008 Okay, I changed the syntax for variable registration to: $_SESSION['name']=$_POST['name']; $_SESSION['pswd']=$_POST['pswd']; $_SESSION['uid']=$_POST['uid']; ...and all the $PHP_SELF references to $_SERVER['PHP_SELF'], but there's still no change. the page is at www.statzbarandgrill.com/admin if anyone wants to see what happens. no matter if the credentials are correct or not, the page still simply resets. Quote Link to comment Share on other sites More sharing options...
awpti Posted January 3, 2008 Share Posted January 3, 2008 Sounds like you need to chop it up and start bughunting bit by bit. Verify values from the submitted form. Verify they are evaluating as expected Create and verify the session data exists and evaluates. So on and so forth. Quote Link to comment Share on other sites More sharing options...
revraz Posted January 3, 2008 Share Posted January 3, 2008 Where is your Submit code and why do you have a 2nd form below (with no closing tag)? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 3, 2008 Share Posted January 3, 2008 Every variable that gets set from the form, $name as an example, needs to be set from the corresponding $_POST['name']. Turning on full php error reporting will help you find this and any other variables that are not define and where they are. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.